Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.0
CVE Id: CVE-2008-4165
Last Modified: 23 Jul 2009 12:00:00
Published: 22 Sep 2008 02:34:16
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2008-4165

Summary

admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the referer string.

Vulnerable Systems

Application

  • Kolab Groupware Server 1.0.0


References

BID - 31165

CONFIRM - https://qa.mandriva.com/show_bug.cgi?id=43434

XF - kolab-logfile-information-disclosure(45124)

MANDRIVA - MDVSA-2008:193


Last Updated: 27 May 2016 10:48:24